Measurements of the paging behavior of UNIX
SIGMETRICS '91 Proceedings of the 1991 ACM SIGMETRICS conference on Measurement and modeling of computer systems
Measurements of a distributed file system
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Characterizing and interpreting periodic behavior in computer systems
SIGMETRICS '92/PERFORMANCE '92 Proceedings of the 1992 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Optimal probabilistic allocation of customer types to servers
Proceedings of the 1995 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
The measured performance of personal computer operating systems
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Exploiting process lifetime distributions for dynamic load balancing
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Self-similarity in World Wide Web traffic: evidence and possible causes
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Communications of the ACM
Self-similarity and heavy tails: structural modeling of network traffic
A practical guide to heavy tails
Automated system administration with feedback regulation
Software—Practice & Experience
Load-balancing heuristics and process behavior
SIGMETRICS '86/PERFORMANCE '86 Proceedings of the 1986 ACM SIGMETRICS joint international conference on Computer performance modelling, measurement and evaluation
A trace-driven analysis of the UNIX 4.2 BSD file system
Proceedings of the tenth ACM symposium on Operating systems principles
Estimates of distributions of random variables for certain computer communications traffic models
Communications of the ACM
Pattern Recognition and Neural Networks
Pattern Recognition and Neural Networks
System Performance Tuning
Artficial Immune Systems and Their Applications
Artficial Immune Systems and Their Applications
Time Series Analysis: Forecasting and Control
Time Series Analysis: Forecasting and Control
Pinpointing System Performance Issues
LISA '97 Proceedings of the 11th Conference on Systems Administration
Implementing a Generalized Tool for Network Monitoring
LISA '97 Proceedings of the 11th Conference on Systems Administration
LISA '98 Proceedings of the 12th Conference on Systems Administration
On Preventing Intrusions by Process Behavior Monitoring
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Self-Monitoring and Self-Adapting Operating Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Simulation of User-Driven Computer Behaviour
LISA '01 Proceedings of the 15th USENIX conference on System administration
A Mathematical Theory of Communication
A Mathematical Theory of Communication
Intrusion detection using sequences of system calls
Journal of Computer Security
Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
On the theory of system administration
Science of Computer Programming
Simulation of User-Driven Computer Behaviour
LISA '01 Proceedings of the 15th USENIX conference on System administration
Principle Components and Importance Ranking of Distributed Anomalies
Machine Learning
A control theory perspective on configuration management and Cfengine
ACM SIGBED Review
Probabilistic anomaly detection in distributed computer networks
Science of Computer Programming
A risk analysis of disk backup or repository maintenance
Science of Computer Programming
Improving Anomaly Detection Event Analysis Using the EventRank Algorithm
AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
Dynamic dependencies and performance improvement
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
On the use of computational geometry to detect software faults at runtime
Proceedings of the 7th international conference on Autonomic computing
Instability in parallel job scheduling simulation: the role of workload flurries
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Uncertainty in global application services with load sharing policy
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
A comprehensive approach to anomaly detection in relational databases
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
A brief observation-centric analysis on anomaly-based intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Computer Networks: The International Journal of Computer and Telecommunications Networking
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
Distribution-Based anomaly detection in network traffic
DataTraffic Monitoring and Analysis
| Hi-index | 0.00 |
A comparative analysis of transaction time-series is made, for light to moderately loaded hosts, motivated by the problem of anomaly detection in computers. Criteria for measuring the statistical state of hosts are examined. Applying a scaling transformation to the measured data, it is found that the distribution of fluctuations about the mean is closely approximated by a steady-state, maximum-entropy distribution, modulated by a periodic variation. The shape of the distribution, under these conditions, depends on the dimensionless ratio of the daily/weekly periodicity and the correlation length of the data. These values are persistent or even invariant. We investigate the limits of these conclusions, and how they might be applied in anomaly detection.